Policy Cache & Policy Processor fixes for #566#570
Merged
milanlenco merged 3 commits intocontiv:masterfrom Feb 5, 2018
Merged
Conversation
This PR addresses comment suggestions of contiv#566. - Refactor code for match expression and match label files to return only []string - Simplified getPodsByNSLabelSelector & getPodsByLabelSelector in match_label.go to be easily readable - Added missing comments for function description and more robust comments in code - Fixed two bugs in processor.go (missing "!" and worng function call)
tiewei
suggested changes
Feb 3, 2018
Contributor
tiewei
left a comment
tiewei
left a comment
There was a problem hiding this comment.
Good to see improvements here, would love to see the changes for the Intersect related improvements and, i think currently getPodsByLabelSelector and getPodsByNSLabelSelector are potentially broken due to empty labels passed
plugins/policy/cache/match_label.go
Outdated
| newPodSet := pc.configuredPods.LookupPodsByNSLabelSelector(newNSLabelSelector) | ||
| current := utils.Intersect(prevPodSet, newPodSet) | ||
| if len(current) == 0 { | ||
| return []string{} |
Contributor
There was a problem hiding this comment.
you can just break here, but it's not big deal
plugins/policy/cache/cache_impl.go
Outdated
| } | ||
|
|
||
| return nil | ||
| return []podmodel.ID{} |
Contributor
There was a problem hiding this comment.
L107 - L140 can be as simple as
mlPods := pc.getPodsByNSLabelSelector(policyNamespace, matchLabels)
mePods := pc.getMatchExpressionPods(policyNamespace, matchExpressions)
return utils.UnstringPodID(utils.Intersect(mlPods, mePods))
The empty case should be handled on the methods getPodsByNSLabelSelector and getMatchExpressionPods, they should return empty slice when no labels provided,
Intersectand UnstringPodID are smart enough to be if any of slice is empty, return empty
| newPodSet := []string{} | ||
|
|
||
| // getPodsByNSLabelSelector returns the pods that match a collection of Label Selectors in the same namespace | ||
| func (pc *PolicyCache) getPodsByNSLabelSelector(namespace string, labels []*policymodel.Policy_Label) []string { |
Contributor
There was a problem hiding this comment.
you should check if labels is empty here, otherwise you may will get error at labes[0]
| // GetPodsByNSLabelSelector returns the pods that match a collection of Label Selectors | ||
| func (pc *PolicyCache) getPodsByLabelSelector(labels []*policymodel.Policy_Label) (bool, []string) { | ||
| // getPodsByLabelSelector returns the pods that match a collection of Label Selectors | ||
| func (pc *PolicyCache) getPodsByLabelSelector(labels []*policymodel.Policy_Label) []string { |
Contributor
There was a problem hiding this comment.
you should check if labels is empty, or there will be error
plugins/policy/cache/match_label.go
Outdated
| newNamespaceSet := pc.configuredNamespaces.LookupNamespacesByLabelSelector(newNSLabelSelector) | ||
| current = utils.Intersect(prevNamespaceSet, newNamespaceSet) | ||
| if len(current) == 0 { | ||
| return []string{} |
| return false, nil | ||
| } | ||
| return true, pods | ||
| return pods |
Contributor
There was a problem hiding this comment.
same here, I would say update utils.Intersect to make it smarter on either of them is empty case, like
func Intersect(a []string, b []string) []string {
if len(a) == 0 || len(b) == 0 {
return []string{}
}
...
}
or further improve it to take a slice variables
// Intersect at least need two lists
func Intersect(a []string, b []string, s ...[]string) []string {
if len(a) == 0 || len(b) == 0 {
return []string{}
}
set := make([]string, 0)
hash := make(map[string]bool)
for _, el := range a {
hash[el] = true
}
for _, el := range b {
if _, found := hash[el]; found {
set = append(set, el)
}
}
if len(s) == 0 {
return set
}
return Intersect(set, s[0], s[1:]...)
}
In this way, a lot places can be just
return utils.Intersect(inPodSet, notInPodSet, existsPodSet, notExistPodSet)
tiewei
reviewed
Feb 3, 2018
| @@ -97,17 +97,14 @@ func (pc *PolicyCache) getMatchExpressionPods(namespace string, expressions []*p | |||
| notExistPodSet = utils.RemoveDuplicates(inPodSet) | |||
|
|
|||
| inMatcher := utils.Intersect(inPodSet, notInPodSet) | |||
Contributor
There was a problem hiding this comment.
aren't L95-L97 bugs ?
notInPodSet = utils.RemoveDuplicates(notInPodSet)
existsPodSet = utils.RemoveDuplicates(existsPodSet)
notExistPodSet = utils.RemoveDuplicates(notExistPodSet)
brecode
added a commit
to brecode/contiv-vpp
that referenced
this pull request
Feb 3, 2018
- Changed Interesct function to calculate more than two slices. Added an additional check for empty slices. - Added an additional check for empty labels in getPodsByNSLabelSelector and getMatchExpressionPods on file match_label.on. If empty labels empty slice is returned - Simplified cache_implementation code by removing if cases when no labels provided. The if cases are now handled in getPodsByNSLabelSelector and getMatchExpressionPods.
- Changed Interesct function to calculate more than two slices. Added an additional check for empty slices. - Added an additional check for empty labels in getPodsByNSLabelSelector and getMatchExpressionPods on file match_label.on. If empty labels empty slice is returned - Simplified cache_implementation code by removing if cases when no labels provided. The if cases are now handled in getPodsByNSLabelSelector and getMatchExpressionPods. - Removed unecessary function call on duplicates to slices on match_expression.go The duplicate removal is handled by Intersect function
tiewei
reviewed
Feb 4, 2018
plugins/policy/utils/utils.go
Outdated
|
|
||
| // Intersect returns the common elements of two slices | ||
| func Intersect(a []string, b []string) []string { | ||
| // Intersect returns the common elements of or more slices |
tiewei
reviewed
Feb 4, 2018
plugins/policy/utils/utils.go
Outdated
| // Intersect returns the common elements of two slices | ||
| func Intersect(a []string, b []string) []string { | ||
| // Intersect returns the common elements of or more slices | ||
| // Intersect needs at least two lists |
Contributor
There was a problem hiding this comment.
if corrected above line, this line is not needed
tiewei
approved these changes
Feb 4, 2018
Contributor
tiewei
left a comment
tiewei
left a comment
There was a problem hiding this comment.
Just need a fix on godoc of Intersect, rest are good
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR addresses comment suggestions of #566.
Refactor code for match_expression and match_label go files to return only []string
instead of (bool, []string)
Simplified getPodsByNSLabelSelector & getPodsByLabelSelector in match_label.go to be
easily readable
Added missing comments for function description and more robust comments in code
Fixed two bugs in processor.go (missing "!" and worng function call)